I am trying to break into penetration testing. I am currently studying for CISSP and doing the Hackingdojo classes too. I have just passed the OSWP exam. I am trying to take my next step but I am not sure what course would be best.

So my question is: what certification do UK companies look for more, CEH or Security+, or would I be better off doing OSCP?

And what course would be more beneficial for a pen tester? Looking at Security+, it looks more about general security than pen testing. But they are bringing a new version out in May.

CREST is my main aim but I lack the experience at the moment. So I am looking to do courses that will appeal to companies. Then I hope they will take me on as a junior so I can gain experience and do CREST, as I don't think there is any training material for CREST.

You may want to enter the UK Cyber Challenge that's starting up at the end of this month. There are quite a few UK companies going to be paying attention to what's happening after last year's competition and it's a way of getting your face seen and known. If you show you're keen, have some skill and are willing to learn then you can still get your foot in the door even if you don't win one of the big prizes.

If you can, it's also worth going down to things like the European Infosecurity expo in London next month (3 day event, 19-21 Apr). You can do some serious networking there and get to talk through things with people in the trade.

I'd be going but I'm already going to B-Sides in London on the 20th and work won't let me skive off two days in a row to go on the lash in London!

Thanks for the reply. I took part in the UK cyber challenge last year but I only really had a look at it so will be taking part this year.

I am doing everything I can to get my face seen and known and already have my ticket for Info-sec Europe.

And I am in the situation where I do know some of the tools and in the right environment I know it would not take me long to pick things up.

What I am trying to do is train myself as best as I can, by doing security courses that will bring value to my CV. The main problem is knowing what UK companies see as worthwhile certificates. I know CISSP and CREST are most requirements for pen testers and they are on my list but I don't really have the experience yet.

So was looking at Security+ or CEH but not sure how much they would help me. I have covered the Security+ and CEH material and felt I knew most of it already. So don't know if to go for OSCP, but how recognized is this in the UK?

Have a look at http://blog.jabawoki.com/ and look at his @Security section. If you look at some of his comments in 08 (page 3 & 4), that may give you some of an idea. If not, drop him a line and say that I sent you (Andy Baker) and he should be able to point you in the right direction.

I'm just lucky that I've got a training grant from work to use over the next two years.

Going to start with the BackTrack WiFu as a 'fairly' easy (and cheap) warmup. Looking at doing the CompTIA Sec+ in October to broaden my Sec knowledge then hit C|EH around spring after a winter of heavy reading/playing with BackTrack.

WiFu should only cost me about £100 and Sec+ will cost me about £600 including exam, accommodation and food. Should leave me with about £2k of my grant towards my C|EH so should only cost me a few hundred out of my own pocket!

Have to try plan my training round the horses and my son at the minute. Try get it so my son is on school hols (otherwise we don't have enough leave to cover all his holidays). Also need to plan for horses still being on 24hr turnout and wife not competing!! Pain in the ass to juggle it all!

Sounds like you're in much the same boat as most of us, in the IT world. I have a wife (in RN school) and 4 kids, so add those to my full-time gig, and any part-time security stuff, or study I'm doing, and I understand, completely! Balance of time, work and family is always a big task, but you kind of get used to it, and learn to satisfy all sides, as you move forward. If you're not willing to work all of that out, and find some $$ to work with, to boot, security is definitely NOT a good field to get into, as things are ALWAYS changing, updating, etc, and continued research and study time are a necessity.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'